#!perl -w
use strict;

use CGI qw/ :standard /;
use CGI::Pretty qw/ :html /;

my @puzzles = ();

$puzzles[1] = <<P;
Go to register.cgi
Attempt to create an account
Modify that URL and change admin=true
Send an email to secretary@ containing a <a href="url"></a>
Log in with the new credentials
P

$puzzles[2] = <<P;
Use 'or 1=1 (or any other simple SQL injection)
P

$puzzles[3] = <<P;
"><script>alert('foo')</script><span id="
P

$puzzles[4] = <<P;
path=../../../../etc/passwd
P

print header,
			start_html('TODO'),
			&puzzle(1),
			&puzzle(2),
			&puzzle(3),
			&puzzle(4),
			&puzzle(5),
			end_html;

sub puzzle{
	my $num = shift;
	my $retval = span(
			"Puzzle $num",
			ol(
				li(
						[split(/\n/,$puzzles[$num])]
					)
				),
			);
	return $retval;
}
